Some cellular Radio Access Network (RAN) vendors are exploring procedures by which base stations at a cell site can host virtual machines with applications to “enhance” service delivery and the quality of experience of data served to mobile subscribers. In these systems, GTP-encapsulated IP packets sent to and received from a mobile node are routed through one or more services operating in the base station. These services may, for example, only observe the packet flow, or may alter it if doing so improves the quality of experience for the mobile subscriber, the mobile service provider or both. An example of such a service is a Hypertext Transfer Protocol (HTTP) web cache. When a web cache is deployed in a base station, web requests that “hit” in this cache do not lead to the transmission of data over the backhaul. The benefits are twofold. First, if the backhaul is loaded, the mobile subscriber can still obtain data at rates limited only by the performance of the cellular channel. Second, by using a base station cache, the mobile service provider can ease loading on its backhaul and thus reduce operational or capital expenditures on said link.
Yet a mobile service provider has a legal requirement to enable the authorities to intercept all traffic sent to and received from a mobile subscriber operating on its cellular network. All such data is transmitted through a lawful intercept function hosted in a secure compute and/or network element in the cellular packet core and operated by trusted personnel. A lawful intercept function creates a facsimile of all data received and transmitted for those subscribers subject to lawful intercept and records their data in a secure location, including a time stamp of the operation and an identifier of the cell site connecting the mobile node. To make certain no overt channel exists, all data served to and from the mobile node may be sent through the lawful intercept function, including the data for mobile subscribers not subject to lawful interception, as the lawful intercept function may operate as a “black box.” A base station is not usually considered a secure location, and as such should not host the lawful intercept function itself.